#!/bin/sh
# PCP QA Test No. 723
# Exercise Linux kernel proc.psinfo.label metric
#
# Copyright (c) 2013 Red Hat.  All Rights Reserved.
#

seq=`basename $0`
echo "QA output created by $seq"
# get standard environment, filters and checks
. ./common.product
. ./common.filter
. ./common.check

pid=$$

test $PCP_PLATFORM = linux || _notrun "Test unsupported on $PCP_PLATFORM"
test -f /proc/$pid/attr/current || _notrun "No kernel support for labels"
# for some kernels, /proc/$pid/attr/current exists, but attempts to
# access the "file" produce an Invalid argument error
#
cat /proc/$$/attr/current >/dev/null 2>&1 || _notrun "Incomplete kernel support for process security labels"


status=1	# failure is the default!
trap "cd $here; rm -rf $tmp.*; exit \$status" 0 1 2 3 15

# real QA test starts here
#debug# ls -l /proc/$pid/attr/current
syslabel=`cat /proc/$pid/attr/current | tr '\0' '\n'`
echo "SYS Label for process $pid is: $syslabel" >> $seq_full

pminfo -f proc.psinfo.labels > $tmp.labels
# label might be more than one word, e.g. "crun (unconfined)"
# in CI
#
pcplabel=`grep "^    inst \[$pid or " $tmp.labels \
	| sed -e 's/"[ 	]*$//' -e 's/.*"//'`
echo "PCP Label for process $pid is: $pcplabel" >> $seq_full
echo "Extracted from list:" >> $seq_full
cat $tmp.labels >> $seq_full

if [ "$pcplabel" = "$syslabel" ]
then
    echo "Security label for current process checks out"
    status=0
else
    echo "Mismatch on security labels:"
    echo "PCP Label: $pcplabel"
    echo "SYS Label: $syslabel"
    status=1
fi

exit
